| CVE-2026-27514 | Tenda F3 Plaintext Credential Exposure in Configuration Download | Shenzhen Tenda Technology Co., Ltd. | Tenda F3 | Medium | 6.5 | 2026-02-23 16:27:38 | Deep Dive |
| CVE-2026-27513 | Tenda F3 CSRF in Web Management Interface | Shenzhen Tenda Technology Co., Ltd. | Tenda F3 | Medium | 4.3 | 2026-02-23 16:26:52 | Deep Dive |
| CVE-2026-27512 | Tenda F3 Reflected Script Execution via Missing nosniff Header | Shenzhen Tenda Technology Co., Ltd. | Tenda F3 | Medium | 6.1 | 2026-02-23 16:26:20 | Deep Dive |
| CVE-2026-27511 | Tenda F3 Clickjacking in Web Management Interface | Shenzhen Tenda Technology Co., Ltd. | Tenda F3 | Medium | 4.3 | 2026-02-23 16:25:49 | Deep Dive |
| CVE-2026-25857 | Tenda G300-F Command Injection via formSetWanDiag | Shenzhen Tenda Technology | Tenda G300-F | - | - | 2026-02-07 21:41:41 | Deep Dive |
| CVE-2026-24441 | Tenda AC7 Transmits Admin Credentials Without HTTPS Protection | Shenzhen Tenda Technology Co., Ltd. | Tenda AC7 | - | - | 2026-02-03 19:14:41 | Deep Dive |
| CVE-2026-24434 | Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions | Shenzhen Tenda Technology Co., Ltd. | Tenda AC7 | - | - | 2026-02-03 19:13:01 | Deep Dive |
| CVE-2026-24427 | Tenda AC7 Exposes Admin Credentials in Configuration Responses | Shenzhen Tenda Technology Co., Ltd. | Tenda AC7 | - | - | 2026-02-03 19:11:32 | Deep Dive |
| CVE-2026-24426 | Tenda AC7 Reflected XSS via Web Interface Output Encoding | Shenzhen Tenda Technology Co., Ltd. | Tenda AC7 | - | - | 2026-02-03 19:09:37 | Deep Dive |
| CVE-2026-24435 | Tenda W30E V2 Permissive CORS Allows Cross-origin Data Access | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:49:03 | Deep Dive |
| CVE-2026-24439 | Tenda W30E V2 Lacks X-Content-Type-Options Header | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:48:37 | Deep Dive |
| CVE-2026-24432 | Tenda W30E V2 Missing CSRF Protections for Administrative Actions | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:46:55 | Deep Dive |
| CVE-2026-24433 | Tenda W30E V2 Stored XSS via Username Field | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:40:59 | Deep Dive |
| CVE-2026-24431 | Tenda W30E V2 Web UI Reveals Passwords in Cleartext | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:40:41 | Deep Dive |
| CVE-2026-24437 | Tenda W30E V2 Missing Cache Controls for Credential-bearing Pages | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:40:23 | Deep Dive |
| CVE-2026-24436 | Tenda W30E V2 Lacks Rate Limiting on Authentication | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:40:05 | Deep Dive |
| CVE-2026-24428 | Tenda W30E V2 Incorrect Authorization Allows Administrator Password Change | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:39:45 | Deep Dive |
| CVE-2026-24430 | Tenda W30E V2 HTTP Responses Expose Plaintext Credentials | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:39:15 | Deep Dive |
| CVE-2026-24429 | Tenda W30E V2 Hardcoded Default Password for Built-in Account | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:39:03 | Deep Dive |
| CVE-2026-24440 | Tenda W30E V2 Allows Password Changes Without Verifying Current Password | Shenzhen Tenda Technology Co., Ltd. | W30E V2 | - | - | 2026-01-26 17:38:44 | Deep Dive |